Docker config

Author: rafaelrpinto

VulnerableJavaWebApp/Dockerfile

@@ -0,0 +1,17 @@
+# JDK 8 + Maven 3.3.9 
+FROM maven:3.3.9-jdk-8
+
+# Prepare the folder
+RUN mkdir -p /app
+COPY . /app
+WORKDIR /app
+
+# Generates the package
+RUN mvn install
+
+# Http port
+ENV PORT 9000
+EXPOSE  $PORT
+
+# Executes spring boot's jar
+CMD ["java", "-jar", "target/vulnerablejavawebapp-0.0.1-SNAPSHOT.jar"]

VulnerableJavaWebApp/pom.xml

@@ -10,7 +10,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>1.4.0.RELEASE</version>
+		<version>1.4.2.RELEASE</version>
 	</parent>
 
 	<properties>
@@ -41,5 +41,21 @@
 			<artifactId>h2</artifactId>
 		</dependency>
 	</dependencies>
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+				<version>${parent.version}</version>
+				<executions>
+				    <execution>
+					<goals>
+					    <goal>repackage</goal>
+					</goals>
+				    </execution>
+				</executions>
+			</plugin>
+		</plugins>
+	</build>
 
-</project>
+</project>

VulnerableJavaWebApp/src/main/java/com/github/rafaelrpinto/vulnerablejavawebapp/config/AppLauncher.java

@@ -9,15 +9,10 @@
 import javax.servlet.SessionTrackingMode;
 import javax.sql.DataSource;
 
-import org.apache.catalina.connector.Connector;
-import org.apache.coyote.http11.Http11NioProtocol;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
-import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
 import org.springframework.boot.context.embedded.ServletContextInitializer;
-import org.springframework.boot.context.embedded.tomcat.TomcatConnectorCustomizer;
-import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
@@ -96,29 +91,4 @@ public void onStartup(ServletContext servletContext) throws ServletException {
 		};
 
 	}
-
-	@Bean
-	public EmbeddedServletContainerFactory servletContainer() {
-		// https config
-		final String keystorePass = "abcd1234";
-		final String keystoreType = "PKCS12";
-		final String keystoreProvider = "SunJSSE";
-		final String keystoreAlias = "tomcat";
-		final String keystoreAbsolutePath = getClass().getClassLoader().getResource("ssl/keystore.p12").getFile();
-
-		TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory();
-		factory.addConnectorCustomizers((TomcatConnectorCustomizer) (Connector con) -> {
-			con.setScheme("https");
-			con.setSecure(true);
-			Http11NioProtocol proto = (Http11NioProtocol) con.getProtocolHandler();
-			proto.setSSLEnabled(true);
-			proto.setKeystoreFile(keystoreAbsolutePath);
-			proto.setKeystorePass(keystorePass);
-			proto.setKeystoreType(keystoreType);
-			proto.setProperty("keystoreProvider", keystoreProvider);
-			proto.setKeyAlias(keystoreAlias);
-		});
-
-		return factory;
-	}
 }

VulnerableJavaWebApp/src/main/resources/application.properties

@@ -1 +1,3 @@
-server.port=9000
+server.port=9000
+server.ssl.key-store = classpath:keystore.jks
+server.ssl.key-password = secret